Ethereal

Re: [Ethereal-dev] Support SMBreadX in SAMR calls
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-dev: November 2002

 

I think ethereal can decode DCERPC carried ontop of SMBreadX just fine.

Make sure you have DCERPC reassembly enabled :
   DCERPC/Desegment all DCEoverTCP (also includes SMB transport)
   SMB/Reassemble SMB Transaction Payload
   SMB/Reassemble DCERPC over SMB

You probably also want to enable NBSS/Reassemble NBSS over TCP
and TCP/Allow subdissector to desegment TCP streams


----- Original Message ----- 
From: "Devin Heitmueller" 
Subject: [Ethereal-dev] Support SMBreadX in SAMR calls


> Hello,
> 
> I've been doing some work with SAMR calls using Ethereal, and I am
> seeing that Ethereal is incapable of dissecting the trace if the PDU is
> large enough to require the use of SMBreadX and SMBwriteX.  
> 
> Has anyone investigated being able to handle output represented in a
> SMBreadX request?  Has anyone determined that this is not practical or
> technically feasible?
> 
> Thanks,

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.